Authentication
Signup I

Nice work! You’ve added columns to the users table and run a migration to update the database.

What’s the password_digest column for? When a user submits their password, it’s not a good idea to store that password as is in the database; if an attacker somehow gets into your database, they would be able to see all your users’ passwords.

One way to defend against this is to store only a hash of each password in the database, never the password itself. This is what the has_secure_password method helps with: it uses the bcrypt algorithm to securely hash a user’s password, which then gets saved in the password_digest column.

Then when a user logs in again, has_secure_password will collect the password that was submitted, hash it with bcrypt, and check if it matches the hash in the database.
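
The store-a-digest, re-hash-on-login flow described above, as an added example that is not code from this lesson or from Rails. It uses PBKDF2-HMAC-SHA256 from Ruby's standard library as a stand-in for bcrypt so it runs without gems; the DemoPassword module, its digest format and the iteration count are assumptions made for this illustration.

```ruby
require 'openssl'
require 'securerandom'

# Added illustration: PBKDF2-HMAC-SHA256 stands in for bcrypt here so the
# example needs no gems. Module name, digest format and cost are assumptions.
module DemoPassword
  SCHEME = 'pbkdf2-sha256'
  ITERATIONS = 200_000 # assumed work factor for this demo
  KEY_LEN = 32

  # Builds the string a password_digest-style column would hold: scheme,
  # cost, a per-user random salt, and the derived hash. Never the password.
  def self.digest(password, salt: SecureRandom.random_bytes(16), iterations: ITERATIONS)
    hash = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                    length: KEY_LEN, hash: 'sha256')
    [SCHEME, iterations, salt.unpack1('H*'), hash.unpack1('H*')].join('$')
  end

  # Login check: re-derive the digest from the submitted password with the
  # stored salt and cost, then compare without an early exit on mismatch.
  def self.verify(password, stored)
    scheme, iterations, salt_hex, hash_hex = stored.to_s.split('$')
    return false unless scheme == SCHEME && iterations.to_i.positive? && salt_hex && hash_hex

    candidate = digest(password, salt: [salt_hex].pack('H*'), iterations: iterations.to_i)
    secure_equal?(candidate, stored)
  end

  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: two users who picked the same password.
  alice = DemoPassword.digest('hunter2-sample')
  bob   = DemoPassword.digest('hunter2-sample')
  puts alice
  puts "same password, same digest? #{alice == bob}"
  puts "correct password accepted?  #{DemoPassword.verify('hunter2-sample', alice)}"
  puts "wrong password accepted?    #{DemoPassword.verify('hunter3-sample', alice)}"
end
```

Because each digest carries its own random salt, two users with the same password get different stored values, so a leaked table does not reveal who shares a password.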

Instructions

1.

Now that the models are set up, let’s move on to the rest of the request/response cycle and create the controllers, routes, and views needed for the signup machinery.

Generate a controller named Users.

2.

In the routes file, add these routes:

    get 'signup' => 'users#new'
    resources :users

3.

Next, in the Users controller add the new action.

    def new
      @user = User.new
    end

4.

Then in app/views/users/new.html.erb, on line 7, use form_for to create a form with the fields of the @user object.

Look back at our Rails exercise on web templating for an example on how to use form_for in your code.

We’ve provided CSS in app/assets/stylesheets/application.css.

5.

Start the Rails server.

Then visit http://localhost:8000/signup to preview the signup page in the browser.

The form won’t work just yet; we’ll finish it up next.
